Jump to content

C:\Windows\SysWOW64\rundll32.exe Threat


dkrumholz

Recommended Posts

Windows 7 64 Bit

I continually get a threat warning of a web based dll trying to load. I select clean but NOD32 can't seem to stop the threat from reoccurring. The threat says "a variant of Win32/Conduit.SearchProtect.H potentially unwanted application". The object name has been removed from this post but it is shown in the attached file. Suggestions?

Edited by dwomack
Link to comment
Share on other sites

The link in the post above is a threat.

Please refrain from posting direct links to files that are infected.  :)

Can we get a moderator to disable. ;)

 

Do you have Detection of Potentially Unwanted Applications turned on ?

Edited by Arakasi
Link to comment
Share on other sites

Yes. Detection of Potentially Unwanted Applications is turned on. I am guessing that is why I am getting notice of the threat. I did a system restore to a date that I believed was prior to me first seeing the threat and that seems to have cleared the issue. But I would still like more info on what might have happened for the problem to arise and how I could have eliminated the threat without doing a system restore.

Link to comment
Share on other sites

Hello dkrumholz,

This is not a virus or malware. This is, as stated above, a potentially unwanted application. These are applications that come attached with other programs or updates for programs already installed on the computer. In general they can create security issues for your computer and we are trying to warn you about them. For a more detailed description of these types of detections please click here . Most of these can be uninstalled from the system, and we suggest looking there first, although Conduit is getting more and more dificult to remove that way. If you have any issues with removing a PUA please contact us as we will be more than happy to assist you further with these. Our contact information can be found here.

Link to comment
Share on other sites

  • 2 weeks later...

I am getting the same warning from the object

 

hxxp://storage/stgbssint.com/tbnewtabsupport/spau/1.0.2.60/minisp.dll

 

Threat: a variant of win32/conduit.searchprotect.h potentially unwanted application.  NOD32 offers a clean option, it comes back after reboot.  How do I remove it?

 

Thanks.

 

Link to comment
Share on other sites

Hello, robpress

 

After the cleaning process, you need to reset or reinstall your browsers without launching. If not the extension re-loads although the payload file and variants/remnants have been removed.

If you have Google chrome, uninstall it. Reason being, i usually see it residing in the chrome extensions folder after removal. I saw it yesterday as a matter of fact with my own eyes and manually deleted the whole extension folder.

Your welcome to reinstall Chrome after the fact, but i tell my clients to steer clear of the high targeted soccer ball looking browser. :rolleyes:

 

I recommend following William's suggestion and phoning in to support so they can assist you with removal if you are having troubles. Here

Edited by Arakasi
Link to comment
Share on other sites

  • 4 months later...

Hey, has your problem been solved? To get rid of the unwnated program, you can check the Control Panel and see if there are unknown programs. Then try to remove the malicious browser extensions or reset the web browser, If necessary. You can try see the details in this post.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...